
APPENDIX A 
*Clean" Version of Each Paragraph/Section/Claim 
37 C.F.R. § 1.121(b)(ii) and (c)(i) 



SPECIFICATION : 

Re^t^ment for the paragraph beginning at page 5, line 8: 



In subsequent logons to the system, the present invention allows customers to re-identify 
themselves to see a forgotten ID, and to re-verify themselves so they can recreate a password if a 
password is forgotten. The present invention allows the customer to create answers to challenge 
questions that only the user should know the answer to. For example, a challenge question could 
be, 'Vhat model was your first car?". The answers to the challenge questions are stored in the 
system for future use if the user forgets his password. If the situation occurs that the user does 
forget his password, he is presented with the challenge questions to which he previously 
provided the answers. If the user successfully answers the challenge questions, he is allowed 
access to the system (and is allowed to change his password). 

. , 




Replae^ment for the paragraph beginning at page 6, line 1: 



The present invention is not limited to providing access to personal accoxmts and is 
equally applicable to business accoxmts. Business customers can use the system for online 
enrollment, fulfillment and ownership verification. This includes customers who want to see 
both personal and business accoimts under one ID and password. The business owner may be a 
sole proprietor (using a social security number), a business owner or partner (using a tax 
identification number (TIN)), or a multiple business owner (multiple TINs). Furthermore, the 
system allows a tiered authority structure where an owner of an account can set up and authorize 
access to the same or lesser levels of authority to non-owners of the accounts (e.g., spouses or 
employees). This allows set up and monitoring of sub-IDs for consumers as well as businesses. 



Replacement for the paragraph beginning at page 6, line 17: 



The present invention provides ease of use by the customer since the customer does not 
need joduplicate work such as inputting his or her social security number, accoiuit number, and 
other personal or account information a number of different times to either sign up for access or 
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to logon to see their accounts. The abihty for the customer to use "self-service" sign up and 
'logon failure procedures eliminates or minimizes customer and back office support for 
fiilfiUment (e.g., issuing IDs, passwords, and reissued passwords). The single sign on ID and 
password that allows access to all of the customer's accounts provides speed of fiilfilhnent, ease 
of use and reduced customer support for issued or forgotten IDs and passwords. The ability for 
customers to see all of their accounts with one logon eases the customer experience and enhances 
customer retention, as well as enhancing cross-sell aiid up-sell efforts. 



System 100 illustrates the system of the present invention that allows customers 110 to 
use a single sign on procedure to obtain access to a plurality of their accounts residing on the 
systems 192-196 for different lines of business in the institution. Customers 110 use their 
workstations 1 10 to connect to system 100 through a communication network 115. In a preferred 
embodiment, the network 1 1 5 is the public Internet, but can be any other communication 
connection such as a direct dial up line or a third party value add network. Customer 
workstations 1 10 are comprised of any platform capable of running an Intemet web browser or 
similar graphical user interface software. Examples of suitable web browsers include 
Microsoft's Intemet Explorer™ and Netscape's Communicator™. The platform for user 
workstations 110 can vary depending on the needs of its particular user and includes a desktop, 
laptop or handheld personal computer, personal digital assistant, web enabled cellular phone, 
web enabled television, or even a workstation coupled to a mainframe computer. 



Repj^eement for the paragraph beginning at page 8» line 9: 

In the preferred embodiment, customer workstations 110 communicate with system 100 
using the Transmission Control Protocol/Internet Protocol (TCP/IP) upon which particular 
subsets of that protocol can be used to facilitate commimications. Examples include the 
Hypertext Transfer Protocol (HTTP), data carrying Hypertext Mark-Up Language (HTML) web 
pages, Java and Active-X applets and File Transfer Protocol (FTP). Data connections between 
customer workstations 110 and data communication network 115 can be any known arrangement 
for accessing a data communication network, such as dial-up Serial Line Interface 



Replacj 




for the paragraph beginning at page 7, line 19: 
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Protocol/Point-to-Point Protocol (SLIP/PPP), Integrated Services Digital Network (ISDN), 
dedicated leased-line service, broadband (cable) access, Digital Subscriber Line (DSL), 
Asynchronous Transfer Mode (ATM), Frame Relay or other known access techniques. Web 
servers 120 are coupled to data communication network 1 15 in a similar fashion. However, it is 
preferred that the link between the web servers 120 and data communication network 1 15 be 
arranged such that access to web servers 120 is always available. 



Repl^efnent for the paragraph beginning at page 10, line 26: 



Figure 2 illustrates an overview of the sign up and log on processes of the present 
invention. In step 200 a customer is presented with an up-front filter asking them to define 
themselves as a business, personal, both business and personal, or if they are not a customer. 
Prior to the customer continuing in the process, a warning is presented to the customer with 
respect to the dual signature limitation for business customers. Based on the self-selection, the 
customer is presented with an explanation in regard to the linking of personal and business 
accounts, the single signer requirement, and the necessity of signing up business accounts first. 



i^Ja<Semi 



Rep}a<5ement for the paragraph beginning at page 12, line 4: 



After creating the User ID and password, the customer is presented with the option to 
select challenge questions, which as described below, enables them to reset their passwords 
online, by themselves, in the event the customer forgets the password selected. In step 210, the 
customer is then presented with an online legal agreement that must be accepted prior to the 
customer continuing. The online legal agreement contains all of the terms and conditions of the 
customer's use of system 100. For those customers who were set up via the call center, this legal 
agreement is presented to them upon logging on for the first time. 



i^e^oent 



Replacement for the paragraph beginning at page 12, line 13: 



In step 215, the customer is shown all of his/her accounts (including business accounts if 
applicable) that he/she has with the institution. The account information is presented to the 
customer based on data contained in the customer's CIF profile. After the accounts have been 
presented to the customer, the customer is given the option to view these accoimts using system 
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100. In addition to the accounts the customer can view, the customer is shown all services (e.g., 
tax, payroll, 
participate. 



^ tax, payroll, wire transfer, and electronic billing services) in which the customer is able to 



Re^Jdcement for the paragraph beginning at page 14, line 21: 



Each of the identification screens prompt the user for information sufficient to retrieve 
the customer's information fi-om the CIF. This information includes the Social Security Number 
(SSN) for access to personal accounts, the Taxpayer Identification Number (TIN) for access to 
business accounts, the customer's account number and account type, the user's first and last 
name and email address. The email address portion of the input screen for identification also has 
a check box to allow users to opt-in for marketing email messages. 



Replac^ent for the paragraph beginning at page 16, line 12: 



^10 



In step 310, the user is prompted to Create a user ID, a password and challenge questions. 
Regardless of whether the user is identified on the CIF, the user is allowed to create an ID and 
password that are added to the database of system 100. Prospects (users without current 
accounts) are allowed to establish a user ID and password in order to facilitate Sign Up at a later 
time or to access non-account features, such as saving data to a calculator or application or 
personalizing a financial utility page. The user is created in the system by adding the ID, 
password and email address to the database. If the user has been identified as a customer with 
current accounts, the customer's CIF number is also stored in the database with the ID and 
password. 



Repla^efnent for the paragraph beginning at page 16, line 23: 



At this point in the sign up process, the user is also prompted to select and answer 
challenge questions. These challenge questions replace the prior art method of re- verifying using 
account information. The user selects one question fi-om each of three drop down lists and 



L completes the answers. Users that have passed the CIF match (i.e. customers) have the option to 
opt-out of challenges. If they choose to do so, they will not be able to re-verify online and create 
a new password. They would have go through the customer service center of the institution and 
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a new password is mailed to them. As previously described, the challenge questions are personal 
in nature, of a type that only the user would be able to answer them (e.g., what was your first 
grade teacher's name). 



ReD}a(;emeiit for the paragraph beginning at page 17, line 16: 



In step 315, the user is presented with the legal agreement governing the user's access to 
system 100. All users creating a user ID and password have to accept the legal agreement. This 
is equally true for prospects and customers that have both passed or failed the CIF match. Since 
these users will have other functionaUty at the site, they all need to accept the legal agreement. 
The user is presented with the legal agreement and has the option to select "I Agree" or "I 
Disagree" or "Print". If the user rejects the disclosure, she is notified that she caimot continued 
with the sign up process and is presented with the option to view it again. If the user accepts the 
disclosure, the sign up process continues. 



Replac^g^ for the paragraph beginning at page 17, line 26; 



After the user accepts the legal agreement, there is a decision point before proceeding to 
the next step. If the customer was coming from a process other than signing up for account 
^ (3 the user will be prompted to Log On. After successfiiUy logging on, the user is returned 

to the process that brought him to Sign Up. If the user is signing up for account access, the user 
will continue with show/hide fimctionality. 



Replapcfment for the paragraph beginning at page 20, line 2: 



Verification according to the present invention is different from the prior art 
authentication for several reasons. First, some of the prior art verification questions are not 
applicable to the Intemet channel or to the "self-service" methods of the present invention. For 
example, a question related to a "a recent transaction" cannot be prompted and verified by a 
system such as system 100 in real time. The verification questions of the present invention relate 
to access to accounts via the Intemet Channel, and are not related to a global name or address 
change. 
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Replacement for the paragraph beginning at page 20, line 18: 



3l(^ 



Of the products the customer has chosen to activate online during the select account 
process (step 320 of Fig. 3), an account of the "highest" product type on the hierarchy is chosen 
to verify against. If multiple accounts of this product type have been selected, the system 
performs the following logic to determine which account to use for product-level verification. If 
the product type for verification is the same type that the user identified himself with during sign 
up/identification, the accoimt number chosen during identification is used. If the product type 
was not used for identification, then the first account returned on the list is used. 



Replacement for the paragraph beginning at page 20, line 26: 



In step 400 it is determined if the authentication level for the current product/accoxmt 
selected is greater than the current level of verification performed by the user. If it is not, the 
process proceeds to step 425 in which the user is confirmed for the present level of verification. 
In a preferred embodiment of the present invention the hierarchy implemented for personal 
customers opposed to business customers is: Credit Card; Checking/MMA (excluding IRA 
MMA); Savings/IRA MMA/IRA Savings; CD/IRA CD; Overdraft Line of Credit; Investments; 
and Mortgage. The customer's SSN is not used for verification of a product since the user has 
already entered it during the Sign Up/ Identification process. If a higher level of verification is 
required, the system in step 405 checks to see if there is a complete record for the accoxmt in the 
database of system 100. If there is not a complete record, an error message is generated in step 
407 ^ 




Replapement for the paragraph beginning at page 22, line 11: 



. The following are some examples of the verification questions required for access to 

7 Specific accounts. For credit card products, it is required that the user enter the trailing 4 digits 
for all of the accounts they are selecting to "show". If the user incorrectly enters the trailing 
digits for the account being used for verification, then, after three attempts, the user fails 
verification altogether. However, if the user incorrectly enter the trailing 4 digits for an account 
not being used for verification, then the user just does not have online access to that account. In 
addition to the account number, the user will be prompted to answer questions related to the 
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following: Mother's Maiden Name; the CW/C2 number printed on the reverse side of the 
physical credit card; Date of Birth; and kome Phone Number. 

^ 



Replacement for the paragraph beginning at page 24, line 3: 



Thrf verification of ownership processes for online access for Small Business customers is 
dependent on whether or not the customer has a deposit product in their profile. As with 
personal authentication, if a business customer verifies or correctly answers questions for a 
particular product, they are automatically verified for each of the products below it in the 
hierarchy. Verification requirements for Small Business customers differs fi-om that for Personal 
customers. Products available for online access are Checking, MMA, Savings, CD, Credit Card, 
Revolving credit products and Investments. As a rule, a business customer must either verify 
ownership against a deposit accoimt or an investment account. In a preferred embodiment, small 
business customers will not be able to verify against any other accounts. In the preferred 
embodiment, the verification hierarchy for small businesses is as follows: Checking/MMA; 
Savings; CD; and Investments. 



Replacemdit for the paragraph beginning at page 24, line 20: 



Althox^gh described briefly before, the follow generally describes the log on process. 
When a user logs on, several scenarios exist based on varying ID and password combinations 
inputted by the user such as valid ID/invalid password, invalid ID/invalid password, etc. 
Although each of these scenarios are a bit different, it has been learned that if the scenarios are 
treated differently, the system 100 will reveal information regarding a "hit" on a valid ID, as well 
as information regarding the security and authentication logic and User ID status within the 
system. To ensure that system 100 does not leak any such information, all scenarios with regard 
to invalid ID/PW combinations are treated identical The customer has the ability to click on a 
"Having Trouble?" link and be presented with Help options (that is, contact customer support or 
re-authenticate online options). 
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